Cristian,
----- Original Message -----
From: Cristian Vasquez
To: shorewall-users@shorewall.net
Sent: Thursday, March 07, 2002 1:32 PM
Subject: [Shorewall-users] Another question !!
I fixed my mistake, I updated iptables to the latest version from
RedHat. But my doubt is: with this configuration,
loc   net   ACCEPT
loc   fw    ACCEPT
fw    net   ACCEPT
net   all   DROP    info
all   all   REJECT  info
my firewall allows everything from my local net to the
Internet; the RULES aren't working, I don't understand
why, can you help me? I think the rules file is where I can filter
Internet access with rules like ACCEPT loc fw tcp
53. Do you understand me?
You have the loc->fw policy of ACCEPT. That means that if a connection
request isn't covered by a rule then it will be accepted. It therefore
makes no sense to add ACCEPT rules for loc->fw unless you just want the rule
there to count the number of connections. If you want to limit the connections
you allow from loc->fw, then you should make the policy REJECT:
loc   fw    REJECT  info
That way, you can add ACCEPT rules for just the connections that you want to
allow.
I hope this answers your question,
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
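The lookup order Tom describes (rules first, then the zone-pair policy) is easy to get wrong, so here is an added example that models it; this is not code from the thread or from the Shorewall project. It embeds Cristian's policy as quoted, Tom's corrected version with loc->fw set to REJECT, and a constructed rules file with the DNS rule from the thread plus an SSH rule (the SSH entry is an assumption). The column layout follows the columns quoted in the thread and is a simplification of the real Shorewall policy and rules files; the zone names loc, net and fw are the ones used in the thread.

```python
# Added example, not code from the Shorewall list thread or the Shorewall
# project: a small model of the lookup order Tom describes. A connection
# request is first matched against the rules file; if no rule matches, the
# policy for the zone pair decides. The file layouts below follow the
# columns quoted in the thread (policy: SOURCE DEST POLICY LOG; rules:
# ACTION SOURCE DEST PROTO DEST PORT) and are a simplification of the real
# Shorewall files; the zone names loc, net and fw come from the thread.

# Cristian's policy as quoted in the thread.
POLICY_ORIGINAL = """\
#SOURCE  DEST  POLICY  LOG
loc      net   ACCEPT
loc      fw    ACCEPT
fw       net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""

# Tom's suggestion: make loc->fw REJECT so that only explicit rules pass.
POLICY_FIXED = """\
#SOURCE  DEST  POLICY  LOG
loc      net   ACCEPT
loc      fw    REJECT  info
fw       net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""

# Constructed rules file: the DNS rule from the thread plus an SSH rule
# (the SSH entry is an assumption, added to show more than one rule).
RULES = """\
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
ACCEPT   loc     fw    tcp    53
ACCEPT   loc     fw    udp    53
ACCEPT   loc     fw    tcp    22
"""


def _entries(text):
    """Split a file into whitespace-separated fields, skipping comments and blanks."""
    return [line.split() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]


def lookup_policy(policy_text, src, dst):
    """First policy entry whose SOURCE/DEST match (or are 'all') wins."""
    for fields in _entries(policy_text):
        psrc, pdst, action = fields[:3]
        if psrc in (src, "all") and pdst in (dst, "all"):
            return action
    raise ValueError("no policy covers %s->%s" % (src, dst))


def decide(rules_text, policy_text, src, dst, proto, port):
    """Disposition of a new connection request: first matching rule, else policy."""
    for fields in _entries(rules_text):
        action, rsrc, rdst, rproto, rports = fields[:5]
        if (rsrc, rdst, rproto) == (src, dst, proto) and str(port) in rports.split(","):
            return action
    return lookup_policy(policy_text, src, dst)


def compare(probes):
    """Disposition of each probe under the original and the fixed policy."""
    return {p: (decide(RULES, POLICY_ORIGINAL, *p), decide(RULES, POLICY_FIXED, *p))
            for p in probes}


if __name__ == "__main__":
    for probe, (before, after) in compare([
        ("loc", "fw", "tcp", 53),   # covered by a rule: ACCEPT either way
        ("loc", "fw", "tcp", 23),   # no rule: the policy decides
        ("loc", "net", "tcp", 80),  # loc->net policy is still ACCEPT
        ("net", "fw", "tcp", 22),   # net->all DROP; no rule for net
    ]).items():
        print("%-4s -> %-4s %s/%-3s  original policy: %-6s  fixed policy: %s"
              % (probe + (before, after)))
```

The telnet probe shows the point of the thread: with loc->fw ACCEPT the DNS rule changes nothing, because the policy already accepts whatever the rules miss; with loc->fw REJECT the same rule is what lets DNS through while port 23 is refused. Two practical caveats when making that change on a live box: the REJECT policy also covers anything the LAN legitimately needs from the firewall itself (DNS, SSH, and so on), so add those rules before reloading, and the "info" log level on the policy line records every rejected attempt, which is the quickest way to spot a service you forgot.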